Modern SOC Series - Augmented not Autonomous: the future of AI-assisted SOC (1/3)

In today’s AI-driven threat landscape, the SOC of the future won’t be autonomous—it will be human-led and AI-augmented. Based on insights from Grant Paling, Product Management Director at Orange Cyberdefense, this article explores how AI enhances analyst workflows, boosts SOC efficiency, and supports better decision-making—without replacing human oversight. Learn how to build a modern, trusted, and resilient AI-assisted SOC.

Let’s start with a big-picture view — what does “Augmented, not Autonomous” mean in the context of the modern SOC? Why is it an important distinction to make in today’s AI-driven landscape? 

“When we use terms like 'autonomous' and 'augmented', we need to be really careful,” says Grant Paling. “Words matter — especially when they shape expectations about what AI can or can’t do in security.” 

In the context of the modern SOC, 'autonomous' suggests systems that operate entirely without human input — a fully hands-off model. But in reality, that level of AI maturity simply doesn’t exist in cybersecurity. “If we’re not realistic about AI’s limitations, we risk overestimating what these systems can do and underestimating the ongoing need for human oversight.” 

Instead, the term 'augmented' better reflects where we are — and where we’re heading. AI doesn’t replace analysts. It supports and enhances their capabilities, helping them move faster, filter out noise with additional assurance, and focus on what truly matters. 

AI is becoming a core part of many SOC tools — but where do you see its true value in daily SOC operations? 

“The most meaningful impact of AI in the SOC is in efficiency,” Grant explains. “It's in triaging alerts, enriching data automatically, detecting anomalies that humans would struggle to spot on their own — and doing all of that at speed and scale.” 

Rather than trying to ‘autonomize’ the entire SOC, the focus should be on augmenting specific stages of the analyst workflow: detecting known patterns faster, presenting relevant context specific to each environment monitored, and suggesting best practice containment and remediation actions. “The real value is when AI makes people faster and more confident in their decisions — not when it tries to take the decision out of their hands.” 

Can you talk about why it’s critical for the SOC to remain human-led, despite the growing capabilities of AI? 

Even with the most advanced tools in play, Grant is clear: human judgment remains essential. “We employ hundreds of security analysts globally — and that number isn’t going down. Why? Because cybersecurity is full of edge cases, subtleties, and contextual factors that machines simply can’t grasp.” 

An effective SOC requires adaptability, ethical reasoning, and intuition — things no current algorithm can replicate. “If we present AI as a replacement for human talent, we risk undermining the entire value of a layered security approach.” 

In your experience, what mindset or skills should security analysts develop to best leverage AI in their workflows? 

The analysts of tomorrow don’t need to become data scientists, but they do need to understand how AI can support them. 

“Curiosity is a big one,” says Grant. “Understanding the ‘why’ behind an AI-generated recommendation makes analysts more confident and capable in using the tool effectively.” In practice, this means learning to ask questions, interpret patterns, and — critically — knowing when to challenge or override the machine. 

“The best outcomes I can see are when analysts work with AI, not around it.” 

How can we ensure trust, transparency, and accountability in AI-driven SOC environments?

Rather than creating a new legal paradigm, the introduction of AI adds another layer to an already regulated environment. “Ultimately, humans remain accountable,” Grant adds. “AI can support decisions, but it doesn’t replace the responsibility of the analysts, engineers, or the organization itself.”

To build trust, transparency needs to be operational – with clear explanations of how AI outputs are generated, and mechanisms in place for human review and intervention. “We must treat AI like any other tool: powerful, but not beyond scrutiny.” 

Looking ahead, what does the future SOC look like to you - in five years, how will humans and AI be working together? 

“The future SOC will be faster, more adaptive, and more deeply integrated with AI - but it will still be human-led,” says Grant. Analysts will work side by side with AI systems that are more context-aware, predictive, and supportive of complex workflows. AI will help prioritize alerts, reduce time-to-response, and elevate situational awareness across the SOC. 

But there's another side to the coin. 

“As defenders, we’ll be using AI more than ever – but so will the attackers,” Grant points out. “That’s the reality. AI isn’t just fueling our capabilities; it’s also enhancing the sophistication and speed of malicious actors. So what we’ll see is two opposing forces, both augmented by AI, continuously evolving and adapting in response to each other.” 

This dynamic, Grant believes, will define the future of cybersecurity operations. “We won’t have a fully autonomous SOC - we’ll have an augmented battlefield where intelligence, agility, and human oversight are more important than ever.” 

As we move deeper into an AI-assisted era, one thing is clear: technology alone won’t define the future of the SOC - people will. At Orange Cyberdefense, we believe in empowering defenders with the right intelligence, the right tools, and the right support to navigate complexity with clarity. 

Because in a world where both sides are augmented, it’s not just about keeping up – it’s about leading with confidence.  


Grant Paling

Product Management Director
Orange Cyberdefense

About the author

Grant Paling is a cybersecurity product leader with extensive experience in managed services, threat intelligence, and incident response. At Orange Cyberdefense, he leads the strategic development of Microsoft-integrated security solutions and drives innovation across transversal services.

Previously at SecureLink, Grant built and led incident response and CSIRT capabilities across Europe. With a unique mix of technical depth and client-focused insight, he helps organizations get the most value from their security investments.
